Configuration Command Reference Guide
Authority configuration is the top-most level in the SSR configuration hierarchy.
Subcommands
command | description |
---|
access-management | Role Based Access Control (RBAC) configuration. |
asset-connection-resiliency | Configure Asset Connection Resiliency |
backwards-compatible-vrf-bgp-tenants | When generating tenant names for VRF BGP over SVR, do not use leading or trailing underscores. This enables backwards compatibility with router versions earlier than 5.1.3. |
bgp-service-generation | Configure Bgp Service Generation |
cli-messages | Configure Cli Messages |
client-certificate | The client-certificate configuration contains client certificate content. |
clone | Clone a list item |
conductor-address | IP address or FQDN of the conductor |
currency | Local monetary unit. |
delete | Delete configuration data |
district | Districts in the authority. |
dscp-map | Configure Dscp Map |
dynamic-hostname | Hostname format for interfaces with dynamic addresses. It is a template with substitution variables used to generate a unique hostname corresponding to Network Interfaces that have dynamically learned IP addresses. Uses the following substitution variables: {interface-id} for Network Interface Global Identifier; {router-name} for Router Name; {authority-name} for Authority Name. For example, 'interface-{interface-id}.{router-name}.{authority-name}'. |
fib-service-match | When creating FIB entries by matching route updates to service addresses, consider the specified service addresses. |
forward-error-correction-profile | A profile for Forward Error Correction parameters, describing how often to send parity packets. |
icmp-control | Settings for ICMP packet handling |
idp-profile | User defined IDP profiles. |
ipfix-collector | Configuration for IPFIX record export. |
ipv4-option-filter | Configure IPv4 Option Filter |
ldap-server | LDAP Servers against which to authenticate user credentials. |
management-service-generation | Configure Management Service Generation |
metrics-profile | A collection of metrics |
name | The identifier for the Authority. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
password-policy | Password policy for user's passwords. |
pcli | Configure the PCLI. |
performance-monitoring-profile | A performance monitoring profile used to determine how often packets should be marked. |
radius-server | Radius Servers against which to authenticate user credentials. |
rekey-interval | Hours between security key regeneration. Recommended value 24 hours. |
remote-login | Configure Remote Login |
resource-group | Collect objects into a management group. |
router | The router configuration element serves as a container for holding the nodes of a single deployed router, along with their policies. |
routing | Authority-level routing configuration. |
security | The security elements represent security policies for governing how and when the SSR encrypts and/or authenticates packets. |
service | The service configuration is where you define the services that reside within the authority's tenants as well as the policies to apply to those services. |
service-class | Defines the association between DSCP value and a priority queue. |
service-policy | A service policy, which defines parameters applied to services that reference the policy |
session-record-profile | A profile to describe how to collect session records. |
session-recovery-detection | Configure Session Recovery Detection |
session-type | Type of session classification based on protocol and port, and associates it with a default class of service. |
show | Show configuration data for 'authority' |
software-update | Configure Software Update |
step | Configure Step |
step-repo | List of Service and Topology Exchange Protocol repositories. |
tenant | A customer or user group within the Authority. |
traffic-profile | A set of minimum guaranteed bandwidths, one for each traffic priority |
trusted-ca-certificate | The trusted-ca-certificate configuration contains CA certificate content. |
web-messages | Configure Web Messages |
web-theme | Configure Web Theme |
Role Based Access Control (RBAC) configuration.
Subcommands
command | description |
---|
clone | Clone a list item |
delete | Delete configuration data |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
role | Configure Role |
show | Show configuration data for 'access-management' |
token | Configuration for HTTP authentication token generation. |
Configure Role
Usage
configure authority access-management role <name>
Positional Arguments
name | description |
---|
name | A unique name that identifies this role. |
Subcommands
command | description |
---|
capability | The capabilities that this user will be granted. |
clone | Clone a list item |
delete | Delete configuration data |
description | A description about the role. |
exclude-resource | Exclude a resource from being associated with this role. |
name | A unique name that identifies this role. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
resource | Associate this role with a resource. |
resource-group | Associate this role with a top-level resource-group. |
show | Show configuration data for 'role' |
The capabilities that this user will be granted.
Usage
configure authority access-management role capability [<identityref>]
Positional Arguments
name | description |
---|
identityref | Value to add to this list |
A description about the role.
Usage
configure authority access-management role description [<string>]
Positional Arguments
name | description |
---|
string | The value to set for this field |
Exclude a resource from being associated with this role.
Usage
configure authority access-management role exclude-resource <id>
Positional Arguments
name | description |
---|
id | Configure Id |
Subcommands
command | description |
---|
id | Configure Id |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'exclude-resource' |
Configure Id
Usage
configure authority access-management role exclude-resource id [<resource-id>]
Positional Arguments
name | description |
---|
resource-id | The value to set for this field |
A unique name that identifies this role.
Usage
configure authority access-management role name [<name-id>]
Positional Arguments
name | description |
---|
name-id | The value to set for this field |
Associate this role with a resource.
Usage
configure authority access-management role resource <id>
Positional Arguments
name | description |
---|
id | Configure Id |
Subcommands
command | description |
---|
delete | Delete configuration data |
generated | Indicates whether or not the resource was automatically generated |
id | Configure Id |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'resource' |
Indicates whether or not the resource was automatically generated
Usage
configure authority access-management role resource generated [<boolean>]
Positional Arguments
name | description |
---|
boolean | The value to set for this field |
Configure Id
Usage
configure authority access-management role resource id [<resource-id>]
Positional Arguments
name | description |
---|
resource-id | The value to set for this field |
Associate this role with a top-level resource-group.
Usage
configure authority access-management role resource-group [<resource-group-ref>]
Positional Arguments
name | description |
---|
resource-group-ref | Value to add to this list |
Configuration for HTTP authentication token generation.
Subcommands
command | description |
---|
delete | Delete configuration data |
expiration | Minutes after initial authentication that the authentication token is valid. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'token' |
Minutes after initial authentication that the authentication token is valid.
Usage
configure authority access-management token expiration [<union>]
Positional Arguments
name | description |
---|
union | The value to set for this field |
Description
Units: minutes
Configure Asset Connection Resiliency
Subcommands
command | description |
---|
delete | Delete configuration data |
enabled | Enable asset connection resiliency by creating SSH tunnels for asset connections from managed Router to Conductor. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'asset-connection-resiliency' |
Enable asset connection resiliency by creating SSH tunnels for asset connections from managed Router to Conductor.
Usage
configure authority asset-connection-resiliency enabled [<boolean>]
Positional Arguments
name | description |
---|
boolean | The value to set for this field |
When generating tenant names for VRF BGP over SVR, do not use leading or trailing underscores. This enables backwards compatibility with router versions earlier than 5.1.3.
Usage
configure authority backwards-compatible-vrf-bgp-tenants [<boolean>]
Positional Arguments
name | description |
---|
boolean | The value to set for this field |
Configure Bgp Service Generation
Subcommands
command | description |
---|
delete | Delete configuration data |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
route-reflector-client-mesh | Generate service-route mesh for route reflector clients. |
security-policy | Security policy to be used instead of 'internal'. |
service-policy | Service policy to be used for generated BGP services. |
show | Show configuration data for 'bgp-service-generation' |
Generate service-route mesh for route reflector clients.
Usage
configure authority bgp-service-generation route-reflector-client-mesh [<boolean>]
Positional Arguments
name | description |
---|
boolean | The value to set for this field |
Security policy to be used instead of 'internal'.
Usage
configure authority bgp-service-generation security-policy [<security-ref>]
Positional Arguments
name | description |
---|
security-ref | The value to set for this field |
Service policy to be used for generated BGP services.
Usage
configure authority bgp-service-generation service-policy [<service-policy-ref>]
Positional Arguments
name | description |
---|
service-policy-ref | The value to set for this field |
Configure Cli Messages
Subcommands
command | description |
---|
delete | Delete configuration data |
login-message | The message displayed before login through console. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'cli-messages' |
welcome-message | The message displayed after a successful login through console. |
The message displayed before login through console.
Usage
configure authority cli-messages login-message [<string>]
Positional Arguments
name | description |
---|
string | The value to set for this field |
The message displayed after a successful login through console.
Usage
configure authority cli-messages welcome-message [<string>]
Positional Arguments
name | description |
---|
string | The value to set for this field |
The client-certificate configuration contains client certificate content.
Usage
configure authority client-certificate <name>
Positional Arguments
name | description |
---|
name | An identifier for the client certificate. |
Subcommands
command | description |
---|
content | Client certificate content. |
delete | Delete configuration data |
name | An identifier for the client certificate. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'client-certificate' |
configure authority client-certificate content
Client certificate content.
Usage
configure authority client-certificate content [<string>]
Positional Arguments
name | description |
---|
string | The value to set for this field |
An identifier for the client certificate.
Usage
configure authority client-certificate name [<name-id>]
Positional Arguments
name | description |
---|
name-id | The value to set for this field |
IP address or FQDN of the conductor
Usage
configure authority conductor-address [<hostv4>]
Positional Arguments
name | description |
---|
hostv4 | Value to add to this list |
Local monetary unit.
Usage
configure authority currency [<string>]
Positional Arguments
name | description |
---|
string | The value to set for this field |
Districts in the authority.
Usage
configure authority district <name>
Positional Arguments
name | description |
---|
name | Name of the district. |
Subcommands
command | description |
---|
delete | Delete configuration data |
name | Name of the district. |
neighborhood | Neighborhoods which belong to this district. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
resource-group | Associate this district with a top-level resource-group. |
show | Show configuration data for 'district' |
Name of the district.
Usage
configure authority district name [<non-default-district-name>]
Positional Arguments
name | description |
---|
non-default-district-name | The value to set for this field |
Neighborhoods which belong to this district.
Usage
configure authority district neighborhood [<neighborhood-id>]
Positional Arguments
name | description |
---|
neighborhood-id | Value to add to this list |
Associate this district with a top-level resource-group.
Usage
configure authority district resource-group [<resource-group-ref>]
Positional Arguments
name | description |
---|
resource-group-ref | Value to add to this list |
Configure Dscp Map
Usage
configure authority dscp-map <name>
Positional Arguments
name | description |
---|
name | The name of the DSCP map |
Subcommands
command | description |
---|
clone | Clone a list item |
delete | Delete configuration data |
dscp-prioritization | Mapping from incoming DSCP value to a priority. These values are used when in DSCP trust mode. |
dscp-traffic-class | Mapping from incoming DSCP value to a traffic-class. These values are used when in DSCP trust mode. |
name | The name of the DSCP map |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
resource-group | Associate this DSCP map with a top-level resource-group. |
show | Show configuration data for 'dscp-map' |
Mapping from incoming DSCP value to a priority. These values are used when in DSCP trust mode.
Usage
configure authority dscp-map dscp-prioritization <priority>
Positional Arguments
name | description |
---|
priority | The priority assigned to the incoming DSCP value. |
Subcommands
command | description |
---|
clone | Clone a list item |
delete | Delete configuration data |
dscp-range | Configure Dscp Range |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
priority | The priority assigned to the incoming DSCP value. |
show | Show configuration data for 'dscp-prioritization' |
Configure Dscp Range
Usage
configure authority dscp-map dscp-prioritization dscp-range <start-value>
Positional Arguments
name | description |
---|
start-value | Lower DSCP number. |
Subcommands
command | description |
---|
delete | Delete configuration data |
end-value | Upper DSCP number. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'dscp-range' |
start-value | Lower DSCP number. |
Upper DSCP number.
Usage
configure authority dscp-map dscp-prioritization dscp-range end-value [<dscp-end-value>]
Positional Arguments
name | description |
---|
dscp-end-value | The value to set for this field |
Lower DSCP number.
Usage
configure authority dscp-map dscp-prioritization dscp-range start-value [<dscp>]
Positional Arguments
name | description |
---|
dscp | The value to set for this field |
The priority assigned to the incoming DSCP value.
Usage
configure authority dscp-map dscp-prioritization priority [<priority-id>]
Positional Arguments
name | description |
---|
priority-id | The value to set for this field |
Mapping from incoming DSCP value to a traffic-class. These values are used when in DSCP trust mode.
Usage
configure authority dscp-map dscp-traffic-class <traffic-class>
Positional Arguments
name | description |
---|
traffic-class | The traffic-class assigned to the incoming DSCP value. |
Subcommands
command | description |
---|
clone | Clone a list item |
delete | Delete configuration data |
dscp-range | Configure Dscp Range |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'dscp-traffic-class' |
traffic-class | The traffic-class assigned to the incoming DSCP value. |
Configure Dscp Range
Usage
configure authority dscp-map dscp-traffic-class dscp-range <start-value>
Positional Arguments
name | description |
---|
start-value | Lower DSCP number. |
Subcommands
command | description |
---|
delete | Delete configuration data |
end-value | Upper DSCP number. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'dscp-range' |
start-value | Lower DSCP number. |
Upper DSCP number.
Usage
configure authority dscp-map dscp-traffic-class dscp-range end-value [<dscp-end-value>]
Positional Arguments
name | description |
---|
dscp-end-value | The value to set for this field |
Lower DSCP number.
Usage
configure authority dscp-map dscp-traffic-class dscp-range start-value [<dscp>]
Positional Arguments
name | description |
---|
dscp | The value to set for this field |
The traffic-class assigned to the incoming DSCP value.
Usage
configure authority dscp-map dscp-traffic-class traffic-class [<traffic-class-id>]
Positional Arguments
name | description |
---|
traffic-class-id | The value to set for this field |
The name of the DSCP map
Usage
configure authority dscp-map name [<name-id>]
Positional Arguments
name | description |
---|
name-id | The value to set for this field |
Associate this DSCP map with a top-level resource-group.
Usage
configure authority dscp-map resource-group [<resource-group-ref>]
Positional Arguments
name | description |
---|
resource-group-ref | Value to add to this list |
Hostname format for interfaces with dynamic addresses. It is a template with substitution variables used to generate a unique hostname corresponding to Network Interfaces that have dynamically learned IP addresses. Uses the following substitution variables: {interface-id} for Network Interface Global Identifier; {router-name} for Router Name; {authority-name} for Authority Name. For example, 'interface-{interface-id}.{router-name}.{authority-name}'.
Usage
configure authority dynamic-hostname [<string>]
Positional Arguments
name | description |
---|
string | The value to set for this field |
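A pre-commit lint for the `dynamic-hostname` template described above, as an added example (not SSR code): it checks that only the three documented variables are used and that an expanded name is a valid DNS hostname. The function names, the sample router and authority names, and the rule that a template should include `{interface-id}` to stay unique per interface are assumptions made here.

```python
import re

# Substitution variables documented for `dynamic-hostname` on this page.
ALLOWED_VARS = {"interface-id", "router-name", "authority-name"}

# The example template quoted on this page.
PAGE_EXAMPLE = "interface-{interface-id}.{router-name}.{authority-name}"

_VAR_RE = re.compile(r"\{([^{}]*)\}")
# One DNS label: 1-63 letters, digits or hyphens, not starting or ending with a hyphen.
_LABEL_RE = re.compile(r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def check_template(template):
    """Return a list of problems found in a dynamic-hostname template."""
    problems = []
    used = _VAR_RE.findall(template)
    for name in used:
        if name not in ALLOWED_VARS:
            problems.append(f"unknown variable {{{name}}}")
    # Any brace left after removing well-formed placeholders is unbalanced.
    if re.search(r"[{}]", _VAR_RE.sub("", template)):
        problems.append("unbalanced brace")
    # Assumption of this lint: without the interface identifier, two
    # interfaces on the same router would expand to the same hostname.
    if "interface-id" not in used:
        problems.append("missing {interface-id}: hostnames may collide")
    return problems


def expand(template, values):
    """Substitute the documented variables; raise on an invalid template."""
    problems = check_template(template)
    if problems:
        raise ValueError("; ".join(problems))
    return _VAR_RE.sub(lambda m: str(values[m.group(1)]), template)


def hostname_problems(hostname):
    """Check an expanded hostname against DNS length and label rules."""
    problems = []
    if len(hostname) > 253:
        problems.append("hostname longer than 253 characters")
    for label in hostname.split("."):
        if not _LABEL_RE.fullmatch(label):
            problems.append(f"invalid label {label!r}")
    return problems


if __name__ == "__main__":
    # Constructed sample values; the second router name contains an
    # underscore, which is not a valid character in a DNS label.
    samples = [
        {"interface-id": 7, "router-name": "edge1", "authority-name": "corp"},
        {"interface-id": 7, "router-name": "branch_office", "authority-name": "corp"},
    ]
    for values in samples:
        name = expand(PAGE_EXAMPLE, values)
        print(name, hostname_problems(name) or "ok")
    print(check_template("if-{iface}.{router-name}"))
```
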
When creating FIB entries by matching route updates to service addresses, consider the specified service addresses.
Usage
configure authority fib-service-match [<enumeration>]
Positional Arguments
name | description |
---|
enumeration | The value to set for this field |
A profile for Forward Error Correction parameters, describing how often to send parity packets.
Usage
configure authority forward-error-correction-profile <name>
Positional Arguments
name | description |
---|
name | The name of the Forward Error Correction profile |
Subcommands
command | description |
---|
delete | Delete configuration data |
mode | Whether to dynamically adjust forward error correction to account for observed loss. |
name | The name of the Forward Error Correction profile |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
ratio | The ratio (expressed as x:1) which will dictate the number of data packets to transmit before a parity packet will be transmitted. |
show | Show configuration data for 'forward-error-correction-profile' |
Whether to dynamically adjust forward error correction to account for observed loss.
Usage
configure authority forward-error-correction-profile mode [<enumeration>]
Positional Arguments
name | description |
---|
enumeration | The value to set for this field |
The name of the Forward Error Correction profile
Usage
configure authority forward-error-correction-profile name [<name-id>]
Positional Arguments
name | description |
---|
name-id | The value to set for this field |
The ratio (expressed as x:1) which will dictate the number of data packets to transmit before a parity packet will be transmitted.
Usage
configure authority forward-error-correction-profile ratio [<uint8>]
Positional Arguments
name | description |
---|
uint8 | The value to set for this field |
Settings for ICMP packet handling
Subcommands
command | description |
---|
delete | Delete configuration data |
icmp-async-reply | Whether to allow ICMP replies to be forwarded without corresponding requests. |
icmp-session-match | How to differentiate ICMP sessions. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'icmp-control' |
Whether to allow ICMP replies to be forwarded without corresponding requests.
Usage
configure authority icmp-control icmp-async-reply [<enumeration>]
Positional Arguments
name | description |
---|
enumeration | The value to set for this field |
How to differentiate ICMP sessions.
Usage
configure authority icmp-control icmp-session-match [<enumeration>]
Positional Arguments
name | description |
---|
enumeration | The value to set for this field |
User defined IDP profiles.
Usage
configure authority idp-profile <name>
Positional Arguments
name | description |
---|
name | Name of the profile. |
Subcommands
command | description |
---|
base-policy | Base policy used when building rules. |
clone | Clone a list item |
delete | Delete configuration data |
name | Name of the profile. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
rule | Configure Rule |
show | Show configuration data for 'idp-profile' |
Base policy used when building rules.
Usage
configure authority idp-profile base-policy [<idp-policy>]
Positional Arguments
name | description |
---|
idp-policy | The value to set for this field |
Name of the profile.
Usage
configure authority idp-profile name [<name-id>]
Positional Arguments
name | description |
---|
name-id | The value to set for this field |
Configure Rule
Usage
configure authority idp-profile rule <name>
Positional Arguments
name | description |
---|
name | Name of the rule. |
Subcommands
command | description |
---|
delete | Delete configuration data |
description | Description of the rule. |
match | The options to use for matching. |
name | Name of the rule. |
outcome | The outcome applied to the match |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'rule' |
Description of the rule.
Usage
configure authority idp-profile rule description [<string>]
Positional Arguments
name | description |
---|
string | The value to set for this field |
The options to use for matching.
Subcommands
command | description |
---|
client-address | Client address prefix to match in the rule. |
delete | Delete configuration data |
destination-address | Destination address prefix to match in the rule. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
severities | List of severities to match in the rule. |
severity | Match only vulnerabilities with the specified severity or above. |
show | Show configuration data for 'match' |
vulnerability | List of custom vulnerabilities to match in the rule. |
Client address prefix to match in the rule.
Usage
configure authority idp-profile rule match client-address [<ip-prefix>]
Positional Arguments
name | description |
---|
ip-prefix | Value to add to this list |
Destination address prefix to match in the rule.
Usage
configure authority idp-profile rule match destination-address [<ip-prefix>]
Positional Arguments
name | description |
---|
ip-prefix | Value to add to this list |
List of severities to match in the rule.
Usage
configure authority idp-profile rule match severities [<idp-severity>]
Positional Arguments
name | description |
---|
idp-severity | Value to add to this list |
Match only vulnerabilities with the specified severity or above.
Usage
configure authority idp-profile rule match severity [<idp-severity>]
Positional Arguments
name | description |
---|
idp-severity | The value to set for this field |
List of custom vulnerabilities to match in the rule.
Usage
configure authority idp-profile rule match vulnerability [<string>]
Positional Arguments
name | description |
---|
string | Value to add to this list |
Name of the rule.
Usage
configure authority idp-profile rule name [<name-id>]
Positional Arguments
name | description |
---|
name-id | The value to set for this field |
The outcome applied to the match
Subcommands
command | description |
---|
action | Defines what action the system should take for the match. |
delete | Delete configuration data |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
severity | Modify a vulnerability severity level of the match. |
show | Show configuration data for 'outcome' |
Defines what action the system should take for the match.
Usage
configure authority idp-profile rule outcome action [<enumeration>]
Positional Arguments
name | description |
---|
enumeration | The value to set for this field |
Modify a vulnerability severity level of the match.
Usage
configure authority idp-profile rule outcome severity [<idp-severity>]
Positional Arguments
name | description |
---|
idp-severity | The value to set for this field |
Configuration for IPFIX record export.
Usage
configure authority ipfix-collector <name>
Positional Arguments
name | description |
---|
name | A unique name for the collector. |
Subcommands
command | description |
---|
delete | Delete configuration data |
interim-record-interval | The time after which a new interim record will be generated if a flow still exists. |
ip-address | The IP address or hostname of the collector. |
name | A unique name for the collector. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
port | The port of the collector. |
protocol | The transport protocol to be used when communicating with the collector. |
resource-group | Associate this IPFIX collector with a top-level resource-group. |
sampling-percentage | The percentage of flows to be selected for export OR 'dynamic'. When set to 'dynamic', the system will select a percentage based on the current data volume as follows: < 100 Mb/s: 1 in 256; < 1 Gb/s: 1 in 512; < 10 Gb/s: 1 in 1024; < 25 Gb/s: 1 in 2048; > 25 Gb/s: 1 in 8192. |
show | Show configuration data for 'ipfix-collector' |
template-refresh-interval | The time between template retransmissions when using the UDP protocol. |
tenant | The tenants whose records this collector should receive. An empty list indicates all tenants. |
The time after which a new interim record will be generated if a flow still exists.
Usage
configure authority ipfix-collector interim-record-interval [<uint32>]
Positional Arguments
name | description |
---|
uint32 | The value to set for this field |
Description
Units: seconds
The IP address or hostname of the collector.
Usage
configure authority ipfix-collector ip-address [<host>]
Positional Arguments
name | description |
---|
host | The value to set for this field |
A unique name for the collector.
Usage
configure authority ipfix-collector name [<name-id>]
Positional Arguments
name | description |
---|
name-id | The value to set for this field |
The port of the collector.
Usage
configure authority ipfix-collector port [<l4-port>]
Positional Arguments
name | description |
---|
l4-port | The value to set for this field |
The transport protocol to be used when communicating with the collector.
Usage
configure authority ipfix-collector protocol [<ipfix-protocol>]
Positional Arguments
name | description |
---|
ipfix-protocol | The value to set for this field |
Associate this IPFIX collector with a top-level resource-group.
Usage
configure authority ipfix-collector resource-group [<resource-group-ref>]
Positional Arguments
name | description |
---|
resource-group-ref | Value to add to this list |
The percentage of flows to be selected for export OR 'dynamic'. When set to 'dynamic', the system will select a percentage based on the current data volume as follows:
data volume | flows selected |
---|
< 100 Mb/s | 1 in 256 |
< 1 Gb/s | 1 in 512 |
< 10 Gb/s | 1 in 1024 |
< 25 Gb/s | 1 in 2048 |
> 25 Gb/s | 1 in 8192 |
Usage
configure authority ipfix-collector sampling-percentage [<union>]
Positional Arguments
name | description |
---|
union | The value to set for this field |
The time between template retransmissions when using the UDP protocol.
Usage
configure authority ipfix-collector template-refresh-interval [<uint32>]
Positional Arguments
name | description |
---|
uint32 | The value to set for this field |
Description
Units: seconds
The tenants whose records this collector should receive. An empty list indicates all tenants.
Usage
configure authority ipfix-collector tenant [<tenant-ref>]
Positional Arguments
name | description |
---|
tenant-ref | Value to add to this list |
Configure IPv4 Option Filter
Subcommands
command | description |
---|
action | How packets containing option headers are treated when being processed. |
delete | Delete configuration data |
drop-exclusion | Option headers that will not cause the packet to be dropped when present. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'ipv4-option-filter' |
How packets containing option headers are treated when being processed.
Usage
configure authority ipv4-option-filter action [<enumeration>]
Positional Arguments
name | description |
---|
enumeration | The value to set for this field |
Option headers that will not cause the packet to be dropped when present.
Usage
configure authority ipv4-option-filter drop-exclusion [<uint8>]
Positional Arguments
name | description |
---|
uint8 | Value to add to this list |
LDAP Servers against which to authenticate user credentials.
Usage
configure authority ldap-server <name>
Positional Arguments
name | description |
---|
name | The name of the LDAP server. |
Subcommands
command | description |
---|
address | The IP address or FQDN of the LDAP server. |
auto-generate-filter | When enabled, the SSR will generate user-search-base and group-search-base LDAP filters. |
bind-type | The type of binding to the LDAP server. |
certificate-assurance | LDAP assurance level to apply on server certificates in a TLS session. |
delete | Delete configuration data |
distinguished-name | The distinguished name to use for binding to the server. |
group-search-base | An optional group search LDAP filter to restrict searches for this attribute type. |
name | The name of the LDAP server. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
password | The password to use for binding to the server. |
port | Port to connect to LDAP server. |
resource-group | Associate this LDAP server with a top-level resource-group. |
search-base | The LDAP search base string. |
server-type | The type of LDAP server. |
show | Show configuration data for 'ldap-server' |
user-search-base | An optional user search LDAP filter to restrict searches for this attribute type. |
The IP address or FQDN of the LDAP server.
Usage
configure authority ldap-server address [<host>]
Positional Arguments
name | description |
---|
host | The value to set for this field |
When enabled, the SSR will generate user-search-base and group-search-base LDAP filters.
Usage
configure authority ldap-server auto-generate-filter [<boolean>]
Positional Arguments
name | description |
---|
boolean | The value to set for this field |
The type of binding to the LDAP server.
Usage
configure authority ldap-server bind-type [<enumeration>]
Positional Arguments
name | description |
---|
enumeration | The value to set for this field |
LDAP assurance level to apply on server certificates in a TLS session.
Usage
configure authority ldap-server certificate-assurance [<enumeration>]
Positional Arguments
name | description |
---|
enumeration | The value to set for this field |
The distinguished name to use for binding to the server.
Usage
configure authority ldap-server distinguished-name [<string>]
Positional Arguments
name | description |
---|
string | The value to set for this field |
An optional group search LDAP filter to restrict searches for this attribute type.
Usage
configure authority ldap-server group-search-base [<string>]
Positional Arguments
name | description |
---|
string | The value to set for this field |
The name of the LDAP server.
Usage
configure authority ldap-server name [<name-id>]
Positional Arguments
name | description |
---|
name-id | The value to set for this field |
The password to use for binding to the server.
Usage
configure authority ldap-server password [<string>]
Positional Arguments
name | description |
---|
string | The value to set for this field |
Port to connect to LDAP server.
Usage
configure authority ldap-server port [<union>]
Positional Arguments
name | description |
---|
union | The value to set for this field |
Associate this LDAP server with a top-level resource-group.
Usage
configure authority ldap-server resource-group [<resource-group-ref>]
Positional Arguments
name | description |
---|
resource-group-ref | Value to add to this list |
The LDAP search base string.
Usage
configure authority ldap-server search-base [<string>]
Positional Arguments
name | description |
---|
string | The value to set for this field |
The type of LDAP server.
Usage
configure authority ldap-server server-type [<enumeration>]
Positional Arguments
name | description |
---|
enumeration | The value to set for this field |
An optional user search LDAP filter to restrict searches for this attribute type.
Usage
configure authority ldap-server user-search-base [<string>]
Positional Arguments
name | description |
---|
string | The value to set for this field |
Configure Management Service Generation
Subcommands
command | description |
---|
delete | Delete configuration data |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
service-policy | Service policy to be used instead of auto-generated service policy. |
service-route-type | Strategy to generate service-routes for management services. |
show | Show configuration data for 'management-service-generation' |
Service policy to be used instead of auto-generated service policy.
Usage
configure authority management-service-generation service-policy [<service-policy-ref>]
Positional Arguments
name | description |
---|
service-policy-ref | The value to set for this field |
Strategy to generate service-routes for management services.
Usage
configure authority management-service-generation service-route-type [<enumeration>]
Positional Arguments
name | description |
---|
enumeration | The value to set for this field |
A collection of metrics
Usage
configure authority metrics-profile <name>
Positional Arguments
name | description |
---|
name | The name of the profile |
Subcommands
command | description |
---|
clone | Clone a list item |
delete | Delete configuration data |
filter | A list of parameter values that should be included in the output. |
metric | The ID of the metric as it exists in the REST API |
name | The name of the profile |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'metrics-profile' |
A list of parameter values that should be included in the output.
Usage
configure authority metrics-profile filter <parameter>
Positional Arguments
name | description |
---|
parameter | The name of the parameter being referenced |
Subcommands
command | description |
---|
delete | Delete configuration data |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
parameter | The name of the parameter being referenced |
show | Show configuration data for 'filter' |
value | The values that should be included if matched |
The name of the parameter being referenced
Usage
configure authority metrics-profile filter parameter [<name-id>]
Positional Arguments
name | description |
---|
name-id | The value to set for this field |
The values that should be included if matched
Usage
configure authority metrics-profile filter value [<string>]
Positional Arguments
name | description |
---|
string | Value to add to this list |
The ID of the metric as it exists in the REST API
Usage
configure authority metrics-profile metric <id>
Positional Arguments
name | description |
---|
id | The ID of the metric as it exists in the REST API |
Subcommands
command | description |
---|
delete | Delete configuration data |
description | A customizable description of this metric's purpose |
id | The ID of the metric as it exists in the REST API |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'metric' |
A customizable description of this metric's purpose
Usage
configure authority metrics-profile metric description [<string>]
Positional Arguments
name | description |
---|
string | The value to set for this field |
The ID of the metric as it exists in the REST API
Usage
configure authority metrics-profile metric id [<metric-id>]
Positional Arguments
name | description |
---|
metric-id | The value to set for this field |
The name of the profile
Usage
configure authority metrics-profile name [<name-id>]
Positional Arguments
name | description |
---|
name-id | The value to set for this field |
The identifier for the Authority.
Usage
configure authority name [<name-id>]
Positional Arguments
name | description |
---|
name-id | The value to set for this field |
Password policy for user's passwords.
Subcommands
command | description |
---|
delete | Delete configuration data |
deny | The number of failed login attempts before locking a user |
lifetime | The lifetime of a user's password in days |
minimum-length | The minimum length of user's password. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'password-policy' |
unlock-time | The time a user account will remain locked after failed login attempts |
The number of failed login attempts before locking a user
Usage
configure authority password-policy deny [<uint32>]
Positional Arguments
name | description |
---|
uint32 | The value to set for this field |
The lifetime of a user's password in days
Usage
configure authority password-policy lifetime [<uint32>]
Positional Arguments
name | description |
---|
uint32 | The value to set for this field |
Description
Units: days
The minimum length of user's password.
Usage
configure authority password-policy minimum-length [<uint32>]
Positional Arguments
name | description |
---|
uint32 | The value to set for this field |
The time a user account will remain locked after failed login attempts
Usage
configure authority password-policy unlock-time [<uint32>]
Positional Arguments
name | description |
---|
uint32 | The value to set for this field |
Description
Units: seconds
Configure the PCLI.
Subcommands
command | description |
---|
alias | An alias is a custom PCLI command that executes another PCLI command and optionally filters the output. |
clone | Clone a list item |
delete | Delete configuration data |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'pcli' |
An alias is a custom PCLI command that executes another PCLI command and optionally filters the output.
Usage
configure authority pcli alias <path>
Positional Arguments
name | description |
---|
path | The space-delimited path to the alias. This will be the text that a user must enter to run the alias. |
Subcommands
command | description |
---|
clone | Clone a list item |
command | The PCLI command that the alias will run. |
delete | Delete configuration data |
description | A short, one line, description of the alias. This will be displayed in the PCLI as part of the command's help text. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
path | The space-delimited path to the alias. This will be the text that a user must enter to run the alias. |
resource-group | Associate this PCLI alias with a top-level resource-group. |
show | Show configuration data for 'alias' |
The PCLI command that the alias will run.
Usage
configure authority pcli alias command <path>
Positional Arguments
name | description |
---|
path | The PCLI command that the alias will run. This must be an existing PCLI command but may contain a pipe (|), output redirection (> or >>), input redirection (< or <<), or the question mark to get help (?). |
Subcommands
command | description |
---|
delete | Delete configuration data |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
path | The PCLI command that the alias will run. This must be an existing PCLI command but may contain a pipe (|), output redirection (> or >>), input redirection (< or <<), or the question mark to get help (?). |
show | Show configuration data for 'command' |
table-filter | Filter the output table to only include the specified columns. This is a case-insensitive match (and also excludes special characters such as dashes). |
The PCLI command that the alias will run. This must be an existing PCLI command but may contain a pipe (|), output redirection (> or >>), input redirection (< or <<), or the question mark to get help (?).
Usage
configure authority pcli alias command path [<string>]
Positional Arguments
name | description |
---|
string | The value to set for this field |
Filter the output table to only include the specified columns. This is a case-insensitive match (and also excludes special characters such as dashes).
Usage
configure authority pcli alias command table-filter [<string>]
Positional Arguments
name | description |
---|
string | Value to add to this list |
A short, one line, description of the alias. This will be displayed in the PCLI as part of the command's help text.
Usage
configure authority pcli alias description [<string>]
Positional Arguments
name | description |
---|
string | The value to set for this field |
The space-delimited path to the alias. This will be the text that a user must enter to run the alias.
Usage
configure authority pcli alias path [<string>]
Positional Arguments
name | description |
---|
string | The value to set for this field |
Associate this PCLI alias with a top-level resource-group.
Usage
configure authority pcli alias resource-group [<resource-group-ref>]
Positional Arguments
name | description |
---|
resource-group-ref | Value to add to this list |
A performance monitoring profile used to determine how often packets should be marked.
Usage
configure authority performance-monitoring-profile <name>
Positional Arguments
name | description |
---|
name | The name of the performance monitoring profile. |
Subcommands
command | description |
---|
delete | Delete configuration data |
interval-duration | Represents the duration of a packet marking interval in milliseconds. |
marking-count | The number of packets to mark within a given interval. |
monitor-only | Collect statistics without influencing packet processing features. |
name | The name of the performance monitoring profile. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
resource-group | Associate this performance monitoring profile with a top-level resource-group. |
show | Show configuration data for 'performance-monitoring-profile' |
Represents the duration of a packet marking interval in milliseconds.
Usage
configure authority performance-monitoring-profile interval-duration [<uint32>]
Positional Arguments
name | description |
---|
uint32 | The value to set for this field |
Description
Units: milliseconds
The number of packets to mark within a given interval.
Usage
configure authority performance-monitoring-profile marking-count [<uint16>]
Positional Arguments
name | description |
---|
uint16 | The value to set for this field |
Description
Units: packets
Collect statistics without influencing packet processing features.
Usage
configure authority performance-monitoring-profile monitor-only [<boolean>]
Positional Arguments
name | description |
---|
boolean | The value to set for this field |
The name of the performance monitoring profile.
Usage
configure authority performance-monitoring-profile name [<name-id>]
Positional Arguments
name | description |
---|
name-id | The value to set for this field |
Associate this performance monitoring profile with a top-level resource-group.
Usage
configure authority performance-monitoring-profile resource-group [<resource-group-ref>]
Positional Arguments
name | description |
---|
resource-group-ref | Value to add to this list |
Radius Servers against which to authenticate user credentials.
Usage
configure authority radius-server <name>
Positional Arguments
name | description |
---|
name | The name of the Radius server. |
Subcommands
command | description |
---|
address | The IP address or FQDN of the Radius server. |
delete | Delete configuration data |
name | The name of the Radius server. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
port | The port number Radius server listens on. |
secret | The secret key to bind to the Radius server. |
show | Show configuration data for 'radius-server' |
timeout | Radius Request Timeout. |
Control account creation behavior.
Usage
configure authority radius-server account-creation [<enumeration>]
Positional Arguments
name | description |
---|
manual or automatic | Manual is the default value and requires the user to be created using create-user. Automatic allows remote users that exist only in Radius to connect to the device without needing a local account. |
The IP address or FQDN of the Radius server.
Usage
configure authority radius-server address [<host>]
Positional Arguments
name | description |
---|
host | The value to set for this field |
The name of the Radius server.
Usage
configure authority radius-server name [<name-id>]
Positional Arguments
name | description |
---|
name-id | The value to set for this field |
The port number Radius server listens on.
Usage
configure authority radius-server port [<port-number>]
Positional Arguments
name | description |
---|
port-number | The value to set for this field |
The secret key to bind to the Radius server.
Usage
configure authority radius-server secret [<string>]
Positional Arguments
name | description |
---|
string | The value to set for this field |
Radius Request Timeout.
Usage
configure authority radius-server timeout [<uint32>]
Positional Arguments
name | description |
---|
uint32 | The value to set for this field |
Description
Units: seconds
Hours between security key regeneration. Recommended value 24 hours.
Usage
configure authority rekey-interval [<union>]
Positional Arguments
name | description |
---|
union | The value to set for this field |
Description
Units: hours
Configure Remote Login
Subcommands
command | description |
---|
delete | Delete configuration data |
enabled | Enable remote login from a Conductor to managed assets. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'remote-login' |
Enable remote login from a Conductor to managed assets.
Usage
configure authority remote-login enabled [<boolean>]
Positional Arguments
name | description |
---|
boolean | The value to set for this field |
Collect objects into a management group.
Usage
configure authority resource-group <name>
Positional Arguments
name | description |
---|
name | The name of the resource group. |
Subcommands
command | description |
---|
delete | Delete configuration data |
description | A description about the resource-group. |
name | The name of the resource group. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'resource-group' |
A description about the resource-group.
Usage
configure authority resource-group description [<string>]
Positional Arguments
name | description |
---|
string | The value to set for this field |
The name of the resource group.
Usage
configure authority resource-group name [<string>]
Positional Arguments
name | description |
---|
string | The value to set for this field |
The router configuration element serves as a container for holding the nodes of a single deployed router, along with their policies.
Usage
configure authority router <name>
Positional Arguments
name | description |
---|
name | An identifier for the router. |
Subcommands
command | description |
---|
administrative-group | An identifier that associates this router with an administrative group. |
application-identification | Configure Application Identification |
bfd | BFD parameters for sessions between nodes within the router. |
clone | Clone a list item |
conductor-address | IP address or FQDN of the conductor |
delete | Delete configuration data |
description | A human-readable string that allows administrators to describe this configuration. |
dhcp-server-generated-address-pool | The address pool for KNI network-interfaces generated for dhcp-servers. |
district-settings | Per-district settings for the router. |
dns-config | Configure Dns Config |
entitlement | Project configuration for entitlement reporting. |
half-open-connection-limit | A limit on half-open TCP sessions. |
icmp-probe-profile | Profile for active ICMP probes for reachability-detection enforcement |
idp | Advanced IDP configuration. |
inter-node-security | The name of the security policy used for inter node communication between router interfaces |
location | A descriptive location for this SSR. |
location-coordinates | The geolocation of this router in ISO 6709 format. Some examples: (1) Degrees only: +50.20361-074.00417/ (2) Degrees and minutes: +5012.22-07400.25/ or (3) Degrees, minutes, and seconds: +501213.1-0740015.1/ |
maintenance-mode | When enabled, the router will be in maintenance mode and alarms related to this router will be shelved. |
management-service-generation | Configure Management Service Generation |
max-inter-node-way-points | Maximum number of way points to be allocated on inter-node path. |
name | An identifier for the router. |
nat-pool | A pool of shared NAT ports. |
node | List of one or two SSR software instances, comprising an SSR. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
path-mtu-discovery | Automatic path MTU discovery between nodes within the router. |
peer | Defines the properties associated with peer SSRs. The peer may be another router in the same authority or a router in a different authority. |
rate-limit-policy | Configuration for rate limiting policy for all associated service traffic across all interfaces on a given node, when configured within a service-class. |
reachability-profile | Defines a traffic profile for reachability-detection enforcement |
redundancy-group | A group of redundant interfaces which will fail over together if one goes down for any reason. |
resource-group | Associate this router with a top-level resource-group. |
reverse-flow-enforcement | When to enforce biflow reverse fib entry check |
reverse-packet-session-resiliency | Parameters for setting session failover behavior without presence of forward traffic. |
router-group | Logical group of routers for filtering services. |
routing | A router-level container for all of the routing policies associated with a given SSR deployment. Each routing element may have one and only one routing-instance. |
service-route | Defines a route for a service or an instance of a service (server or service agent). |
service-route-policy | Used to define the properties of service routes. These capabilities influence route selection when determining the optimal path for establishing new sessions. |
show | Show configuration data for 'router' |
static-hostname-mapping | Map hostnames to ip-address resolutions. These entries will be put in /etc/hosts. This will prevent DNS requests from being sent for these hostnames. |
system | System group configuration. Lets administrators configure system-wide properties for their SSR deployment. |
udp-transform | UDP transform settings for interoperating with stateful TCP firewalls for nodes within the router. |
An identifier that associates this router with an administrative group.
Usage
configure authority router administrative-group [<name-id>]
Positional Arguments
name | description |
---|
name-id | Value to add to this list |
Description
Warning: 'administrative-group' is deprecated and will be removed in a future software version
Configure Application Identification
Subcommands
The maximum capacity for caching application-director requests
Usage
configure authority router application-identification application-director-cache-max-capacity [<uint64>]
Positional Arguments
name | description |
---|
uint64 | The value to set for this field |
Automatic updating of application data
Subcommands
command | description |
---|
day-of-week | The day of the week to perform updates |
delete | Delete configuration data |
enabled | Enable updates |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'auto-update' |
update-frequency | How often to attempt to update |
update-jitter | The max random jitter applied to the update time |
update-time | The hour of the day on the local system to fetch |
The day of the week to perform updates
Usage
configure authority router application-identification auto-update day-of-week [<enumeration>]
Positional Arguments
name | description |
---|
enumeration | The value to set for this field |
Enable updates
Usage
configure authority router application-identification auto-update enabled [<boolean>]
Positional Arguments
name | description |
---|
boolean | The value to set for this field |
How often to attempt to update
Usage
configure authority router application-identification auto-update update-frequency [<enumeration>]
Positional Arguments
name | description |
---|
enumeration | The value to set for this field |
The max random jitter applied to the update time
Usage
configure authority router application-identification auto-update update-jitter [<uint8>]
Positional Arguments
name | description |
---|
uint8 | The value to set for this field |
The hour of the day on the local system to fetch
Usage
configure authority router application-identification auto-update update-time [<uint8>]
Positional Arguments
name | description |
---|
uint8 | The value to set for this field |
The maximum capacity for resolved next-hops under a client
Usage
configure authority router application-identification max-capacity [<uint64>]
Positional Arguments
name | description |
---|
uint64 | The value to set for this field |
Application learning modes.
Usage
configure authority router application-identification mode [<enumeration>]
Positional Arguments
name | description |
---|
enumeration | Value to add to this list |
Enable per app classification metrics
Usage
configure authority router application-identification per-app-metrics [<boolean>]
Positional Arguments
name | description |
---|
boolean | The value to set for this field |
Configure Summary Retention
Subcommands
command | description |
---|
delete | Delete configuration data |
duration | How long the AppID documents should be stored |
enabled | Enable persistence of app summary to the DB for UI and other uses |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'summary-retention' |
How long the AppID documents should be stored
Usage
configure authority router application-identification summary-retention duration [<duration>]
Positional Arguments
name | description |
---|
duration | The value to set for this field |
Enable persistence of app summary to the DB for UI and other uses
Usage
configure authority router application-identification summary-retention enabled [<boolean>]
Positional Arguments
name | description |
---|
boolean | The value to set for this field |
Enable session stats tracking by applications
Usage
configure authority router application-identification summary-tracking [<boolean>]
Positional Arguments
name | description |
---|
boolean | The value to set for this field |
Use in-memory db
Usage
configure authority router application-identification use-application-director-in-memory-db [<boolean>]
Positional Arguments
name | description |
---|
boolean | The value to set for this field |
Enhanced application identification with URL based filtering
Subcommands
command | description |
---|
classify-session | Configure Classify Session |
delete | Delete configuration data |
enabled | Whether web filtering should be enabled |
max-retransmission-attempts-before-allow | Maximum number of retransmission packet attempts having a category cache miss before allowing session to continue |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'web-filtering' |
Configure Classify Session
Subcommands
command | description |
---|
delete | Delete configuration data |
max-cache-size | The maximum size for the in-memory cache that stores url data |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
retries | The maximum number of retries for a client request to classify the session |
show | Show configuration data for 'classify-session' |
timeout | Maximum time in seconds that can be taken for classifying the session |
The maximum size for the in-memory cache that stores url data
Usage
configure authority router application-identification web-filtering classify-session max-cache-size [<uint32>]
Positional Arguments
name | description |
---|
uint32 | The value to set for this field |
The maximum number of retries for a client request to classify the session
Usage
configure authority router application-identification web-filtering classify-session retries [<uint32>]
Positional Arguments
name | description |
---|
uint32 | The value to set for this field |
Maximum time in seconds that can be taken for classifying the session
Usage
configure authority router application-identification web-filtering classify-session timeout [<uint32>]
Positional Arguments
name | description |
---|
uint32 | The value to set for this field |
Description
Units: seconds
Whether web filtering should be enabled
Usage
configure authority router application-identification web-filtering enabled [<boolean>]
Positional Arguments
name | description |
---|
boolean | The value to set for this field |
Maximum number of retransmission packet attempts having a category cache miss before allowing session to continue
Usage
configure authority router application-identification web-filtering max-retransmission-attempts-before-allow [<uint8>]
Positional Arguments
name | description |
---|
uint8 | The value to set for this field |
Description
Units: packets
Interval to define how often analytics are calculated
Usage
configure authority router application-identification write-interval [<duration>]
Positional Arguments
name | description |
---|
duration | The value to set for this field |
BFD parameters for sessions between nodes within the router.
Subcommands
command | description |
---|
authentication-type | Describes the authentication type used in BFD packets |
delete | Delete configuration data |
desired-tx-interval | Represents the frequency with which BFD asynchronous control packets are sent to peer nodes/routers. |
dscp | The DSCP value to use with BFD packets. |
dynamic-damping | When enabled, extend the hold-down time if additional link flaps occur during the hold-down period. |
hold-down-time | Represents the hold-down time. If dynamic-damping is enabled, this is the initial hold-down time. |
link-test-interval | This represents the interval between BFD echo tests sent to the peer node/router. |
link-test-length | This is the number of packets sent during one test cycle. A value of 0 disables BFD echo tests. |
maximum-hold-down-time | Represents the maximum hold-down time of dynamic-damping exponential backoff. If the hold-down-time hits the maximum three times in a row, it will reset back to the original value. |
multiplier | Number of consecutive missed messages from a peer before deciding that the link between them is unusable. Valid range is (3,20). |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
required-min-rx-interval | Represents the minimum interval between BFD asynchronous control packets that this router is capable of supporting. |
show | Show configuration data for 'bfd' |
state | When enabled, run BFD between all nodes within the router. |
Describes the authentication type used in BFD packets
Usage
configure authority router bfd authentication-type [<enumeration>]
Positional Arguments
name | description |
---|
enumeration | The value to set for this field |
Represents the frequency with which BFD asynchronous control packets are sent to peer nodes/routers.
Usage
configure authority router bfd desired-tx-interval [<uint32>]
Positional Arguments
name | description |
---|
uint32 | The value to set for this field |
Description
Units: milliseconds
The DSCP value to use with BFD packets.
Usage
configure authority router bfd dscp [<dscp>]
Positional Arguments
name | description |
---|
dscp | The value to set for this field |
When enabled, extend the hold-down time if additional link flaps occur during the hold-down period.
Usage
configure authority router bfd dynamic-damping [<enumeration>]
Positional Arguments
name | description |
---|
enumeration | The value to set for this field |
Represents the hold-down time. If dynamic-damping is enabled, this is the initial hold-down time.
Usage
configure authority router bfd hold-down-time [<uint32>]
Positional Arguments
name | description |
---|
uint32 | The value to set for this field |
Description
Units: seconds
This represents the interval between BFD echo tests sent to the peer node/router.
Usage
configure authority router bfd link-test-interval [<uint32>]
Positional Arguments
name | description |
---|
uint32 | The value to set for this field |
Description
Units: seconds
This is the number of packets sent during one test cycle. A value of 0 disables BFD echo tests.
Usage
configure authority router bfd link-test-length [<uint8>]
Positional Arguments
name | description |
---|
uint8 | The value to set for this field |
Description
Units: packets
Represents the maximum hold-down time of dynamic-damping exponential backoff. If the hold-down-time hits the maximum three times in a row, it will reset back to the original value.
Usage
configure authority router bfd maximum-hold-down-time [<uint32>]
Positional Arguments
name | description |
---|
uint32 | The value to set for this field |
Description
Units: seconds
Number of consecutive missed messages from a peer before deciding that the link between them is unusable. Valid range is (3,20).
Usage
configure authority router bfd multiplier [<uint8>]
Positional Arguments
name | description |
---|
uint8 | The value to set for this field |
Represents the minimum interval between BFD asynchronous control packets that this router is capable of supporting.
Usage
configure authority router bfd required-min-rx-interval [<uint32>]
Positional Arguments
name | description |
---|
uint32 | The value to set for this field |
Description
Units: milliseconds
When enabled, run BFD between all nodes within the router.
Usage
configure authority router bfd state [<enumeration>]
Positional Arguments
name | description |
---|
enumeration | The value to set for this field |
IP address or FQDN of the conductor
Usage
configure authority router conductor-address [<hostv4>]
Positional Arguments
name | description |
---|
hostv4 | Value to add to this list |
A human-readable string that allows administrators to describe this configuration.
Usage
configure authority router description [<string>]
Positional Arguments
name | description |
---|
string | The value to set for this field |
The address pool for KNI network-interfaces generated for dhcp-servers.
Usage
configure authority router dhcp-server-generated-address-pool [<ipv4-prefix>]
Positional Arguments
name | description |
---|
ipv4-prefix | The value to set for this field |
Per-district settings for the router.
Usage
configure authority router district-settings <district-name>
Positional Arguments
name | description |
---|
district-name | Name of the district. |
Subcommands
command | description |
---|
delete | Delete configuration data |
district-name | Name of the district. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'district-settings' |
step-peer-path-sla-metrics-advertisement | STEP advertisement settings for peer path SLA metrics. |
Name of the district.
Usage
configure authority router district-settings district-name [<district-name>]
Positional Arguments
name | description |
---|
district-name | The value to set for this field |
STEP advertisement settings for peer path SLA metrics.
Subcommands
command | description |
---|
delete | Delete configuration data |
minimum-update-interval | Minimum (burst) interval in between updating peer path SLA metric values advertised in STEP |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'step-peer-path-sla-metrics-advertisement' |
update-burst-size | Limit on the number of peer path SLA metric value updates advertised in STEP at the minimum (burst) update interval. |
update-rate-limit | Rate limit interval in between updating peer path SLA metric values advertised in STEP |
Minimum (burst) interval in between updating peer path SLA metric values advertised in STEP
Usage
configure authority router district-settings step-peer-path-sla-metrics-advertisement minimum-update-interval [<uint32>]
Positional Arguments
name | description |
---|
uint32 | The value to set for this field |
Description
Units: seconds
Limit on the number of peer path SLA metric value updates advertised in STEP at the minimum (burst) update interval.
Usage
configure authority router district-settings step-peer-path-sla-metrics-advertisement update-burst-size [<uint8>]
Positional Arguments
name | description |
---|
uint8 | The value to set for this field |
Rate limit interval in between updating peer path SLA metric values advertised in STEP
Usage
configure authority router district-settings step-peer-path-sla-metrics-advertisement update-rate-limit [<uint32>]
Positional Arguments
name | description |
---|
uint32 | The value to set for this field |
Description
Units: seconds
Configure Dns Config
Usage
configure authority router dns-config <mode>
Positional Arguments
name | description |
---|
mode | Mode of DNS server configuration. |
Subcommands
command | description |
---|
address | Address of servers to use for DNS queries. |
delete | Delete configuration data |
mode | Mode of DNS server configuration. |
move | Move list items |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'dns-config' |
Address of servers to use for DNS queries.
Usage
configure authority router dns-config address [<ip-address>]
Positional Arguments
name | description |
---|
ip-address | Value to add to this list |
Mode of DNS server configuration.
Usage
configure authority router dns-config mode [<enumeration>]
Positional Arguments
name | description |
---|
enumeration | The value to set for this field |
Address of servers to use for DNS queries.
Usage
configure authority router dns-config move address [force] <value> <position> [<relative-to>]
Keyword Arguments
name | description |
---|
force | Skip confirmation prompt |
Positional Arguments
name | description |
---|
value | Value to move |
position | first, last, before, or after |
relative-to | Value before or after which to move |
Project configuration for entitlement reporting.
Subcommands
command | description |
---|
delete | Delete configuration data |
description | A description of the project. |
id | Project identifier. |
max-bandwidth | Purchased bandwidth for the project. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'entitlement' |
A description of the project.
Usage
configure authority router entitlement description [<string>]
Positional Arguments
name | description |
---|
string | The value to set for this field |
Project identifier.
Usage
configure authority router entitlement id [<entitlement-project-id>]
Positional Arguments
name | description |
---|
entitlement-project-id | The value to set for this field |
Purchased bandwidth for the project.
Usage
configure authority router entitlement max-bandwidth [<uint64>]
Positional Arguments
name | description |
---|
uint64 | The value to set for this field |
Description
Units: bits/second
A limit on half-open TCP sessions.
Usage
configure authority router half-open-connection-limit [<union>]
Positional Arguments
name | description |
---|
union | The value to set for this field |
Profile for active ICMP probes for reachability-detection enforcement
Usage
configure authority router icmp-probe-profile <name>
Positional Arguments
name | description |
---|
name | Name of the ICMP probe profile |
Subcommands
command | description |
---|
delete | Delete configuration data |
name | Name of the ICMP probe profile |
number-of-attempts | Number of consecutive ICMP ping requests to be sent within the probe-duration before deciding that the destination is unreachable |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
probe-address | Address to send ICMP ping requests to |
probe-duration | Duration within which to reach the destination. Each attempt is made at an interval of (probe-duration / number-of-attempts) |
probe-failure-trigger | Control how failure to ping probe-addresses impacts state. |
probe-interval | Duration of how often to perform a link test to the destination |
show | Show configuration data for 'icmp-probe-profile' |
sla-metrics | SLA-metrics requirements for ICMP ping |
Name of the ICMP probe profile
Usage
configure authority router icmp-probe-profile name [<string>]
Positional Arguments
name | description |
---|
string | The value to set for this field |
Number of consecutive ICMP ping requests to be sent within the probe-duration before deciding that the destination is unreachable
Usage
configure authority router icmp-probe-profile number-of-attempts [<uint8>]
Positional Arguments
name | description |
---|
uint8 | The value to set for this field |
Address to send ICMP ping requests to
Usage
configure authority router icmp-probe-profile probe-address [<ip-address>]
Positional Arguments
name | description |
---|
ip-address | Value to add to this list |
Duration within which to reach the destination. Each attempt is made at an interval of (probe-duration / number-of-attempts)
Usage
configure authority router icmp-probe-profile probe-duration [<uint8>]
Positional Arguments
name | description |
---|
uint8 | The value to set for this field |
Description
Units: seconds
Control how failure to ping probe-addresses impacts state.
Usage
configure authority router icmp-probe-profile probe-failure-trigger [<enumeration>]
Positional Arguments
name | description |
---|
enumeration | The value to set for this field |
Duration of how often to perform a link test to the destination
Usage
configure authority router icmp-probe-profile probe-interval [<uint32>]
Positional Arguments
name | description |
---|
uint32 | The value to set for this field |
Description
Units: seconds
SLA-metrics requirements for ICMP ping
Subcommands
command | description |
---|
delete | Delete configuration data |
latency | Configure Latency |
max-loss | The amount of acceptable loss on the link. Determined by sending number-of-attempts ICMP requests and waiting probe-duration for response |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'sla-metrics' |
Configure Latency
Subcommands
command | description |
---|
delete | Delete configuration data |
max | Maximum acceptable latency based on the ping test |
mean | The maximum acceptable mean latency based on the ping test |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'latency' |
Maximum acceptable latency based on the ping test
Usage
configure authority router icmp-probe-profile sla-metrics latency max [<uint32>]
Positional Arguments
name | description |
---|
uint32 | The value to set for this field |
Description
Units: milliseconds
The maximum acceptable mean latency based on the ping test
Usage
configure authority router icmp-probe-profile sla-metrics latency mean [<uint32>]
Positional Arguments
name | description |
---|
uint32 | The value to set for this field |
Description
Units: milliseconds
The amount of acceptable loss on the link. Determined by sending number-of-attempts ICMP requests and waiting probe-duration for response
Usage
configure authority router icmp-probe-profile sla-metrics max-loss [<percentage>]
Positional Arguments
name | description |
---|
percentage | The value to set for this field |
Description
Units: percent
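The following added example (not part of the SSR documentation or software) shows how the icmp-probe-profile fields above interact when one probe cycle is judged. The class and function names are hypothetical, and it assumes that a cycle with no replies counts as unreachable and that any exceeded sla-metrics threshold counts as a failure.

```python
from dataclasses import dataclass
from math import floor
from statistics import mean
from typing import List, Optional, Sequence


@dataclass
class IcmpProbeProfile:
    """Hypothetical model of the icmp-probe-profile fields documented above."""
    number_of_attempts: int                 # number-of-attempts
    probe_duration_s: int                   # probe-duration, seconds
    max_loss_pct: Optional[float] = None    # sla-metrics max-loss, percent
    latency_max_ms: Optional[int] = None    # sla-metrics latency max, milliseconds
    latency_mean_ms: Optional[int] = None   # sla-metrics latency mean, milliseconds

    def __post_init__(self) -> None:
        if self.number_of_attempts < 1:
            raise ValueError("number-of-attempts must be at least 1")

    def attempt_spacing_s(self) -> float:
        # The page: each attempt is made every probe-duration / number-of-attempts.
        return self.probe_duration_s / self.number_of_attempts

    def tolerated_losses(self) -> Optional[int]:
        # Loss can only move in steps of 100 / number-of-attempts percent, so a
        # small max-loss with few attempts tolerates no lost request at all.
        if self.max_loss_pct is None:
            return None
        return floor(self.max_loss_pct * self.number_of_attempts / 100)


def evaluate_cycle(profile: IcmpProbeProfile,
                   rtts_ms: Sequence[Optional[float]]) -> List[str]:
    """Return the violated checks for one probe cycle (empty list means healthy).

    rtts_ms holds one entry per attempt: the round-trip time in milliseconds,
    or None when no reply arrived within probe-duration.
    """
    if len(rtts_ms) != profile.number_of_attempts:
        raise ValueError("expected one result per attempt")
    replies = [r for r in rtts_ms if r is not None]
    if not replies:
        # Assumption: every attempt unanswered means the destination is unreachable.
        return ["unreachable"]

    violations = []
    loss_pct = 100.0 * (len(rtts_ms) - len(replies)) / len(rtts_ms)
    if profile.max_loss_pct is not None and loss_pct > profile.max_loss_pct:
        violations.append("max-loss")
    if profile.latency_max_ms is not None and max(replies) > profile.latency_max_ms:
        violations.append("latency-max")
    if profile.latency_mean_ms is not None and mean(replies) > profile.latency_mean_ms:
        violations.append("latency-mean")
    return violations


if __name__ == "__main__":
    # Constructed sample: 4 attempts over 8 seconds with a 10 percent loss budget.
    profile = IcmpProbeProfile(4, 8, max_loss_pct=10,
                               latency_max_ms=200, latency_mean_ms=100)
    print(profile.attempt_spacing_s(), profile.tolerated_losses())
    print(evaluate_cycle(profile, [20, None, 30, 25]))
```

With four attempts, a max-loss of 10 percent tolerates zero lost requests, so a single dropped ping fails the cycle; raise number-of-attempts or max-loss if that is not the intent.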
Advanced IDP configuration.
Subcommands
command | description |
---|
bypass-enabled | IDP config to enable/disable bypass |
delete | Delete configuration data |
mode | IDP config management mode |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'idp' |
IDP config to enable/disable bypass
Usage
configure authority router idp bypass-enabled [<boolean>]
Positional Arguments
name | description |
---|
boolean | The value to set for this field |
IDP config management mode
Usage
configure authority router idp mode [<enumeration>]
Positional Arguments
name | description |
---|
enumeration | The value to set for this field |
The name of the security policy used for inter node communication between router interfaces
Usage
configure authority router inter-node-security [<security-ref>]
Positional Arguments
name | description |
---|
security-ref | The value to set for this field |
A descriptive location for this SSR.
Usage
configure authority router location [<string>]
Positional Arguments
name | description |
---|
string | The value to set for this field |
The geolocation of this router in ISO 6709 format. Some examples: (1) Degrees only: +50.20361-074.00417/ (2) Degrees and minutes: +5012.22-07400.25/ or (3) Degrees, minutes, and seconds: +501213.1-0740015.1/
Usage
configure authority router location-coordinates [<geolocation>]
Positional Arguments
name | description |
---|
geolocation | The value to set for this field |
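The three ISO 6709 forms listed above can be checked before a value is committed. This added example (not SSR code; the function names are hypothetical) parses each form into decimal degrees and rejects out-of-range or malformed strings. It assumes no altitude component, matching the page's examples.

```python
import re

# Latitude is DD[MM[SS]] and longitude is DDD[MM[SS]], each signed, with an
# optional decimal fraction on the last field. The string ends with "/".
_POINT = re.compile(
    r"(?P<lat>[+-]\d{2}(?:\d{2}){0,2}(?:\.\d+)?)"
    r"(?P<lon>[+-]\d{3}(?:\d{2}){0,2}(?:\.\d+)?)/"
)


def _to_degrees(text, degree_digits, limit):
    """Convert one signed component to decimal degrees, validating its ranges."""
    sign = -1.0 if text[0] == "-" else 1.0
    whole, _, frac = text[1:].partition(".")
    fraction = float("0." + frac) if frac else 0.0
    degrees = int(whole[:degree_digits])
    rest = whole[degree_digits:]          # "", "MM" or "MMSS"
    minutes = seconds = 0.0
    if not rest:                          # degrees only
        value = degrees + fraction
    elif len(rest) == 2:                  # degrees and minutes
        minutes = int(rest) + fraction
        value = degrees + minutes / 60
    else:                                 # degrees, minutes and seconds
        minutes = float(rest[:2])
        seconds = int(rest[2:]) + fraction
        value = degrees + minutes / 60 + seconds / 3600
    if minutes >= 60 or seconds >= 60 or value > limit:
        raise ValueError(f"component out of range: {text!r}")
    return sign * value


def parse_geolocation(value):
    """Return (latitude, longitude) in decimal degrees for an ISO 6709 point."""
    match = _POINT.fullmatch(value)
    if match is None:
        raise ValueError(f"not an ISO 6709 point string: {value!r}")
    return (_to_degrees(match["lat"], 2, 90.0),
            _to_degrees(match["lon"], 3, 180.0))


def is_valid_geolocation(value):
    """True when the string parses and both components are in range."""
    try:
        parse_geolocation(value)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    # The three examples given in the field description above.
    for sample in ("+50.20361-074.00417/", "+5012.22-07400.25/",
                   "+501213.1-0740015.1/"):
        print(sample, parse_geolocation(sample))
```

Note that longitude degrees are always three digits, so `-74.00417` without the leading zero is rejected.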
configure authority router maintenance-mode
When enabled, the router will be in maintenance mode and alarms related to this router will be shelved.
Usage
configure authority router maintenance-mode [<boolean>]
Positional Arguments
name | description |
---|
boolean | The value to set for this field |
Configure Management Service Generation
Subcommands
command | description |
---|
delete | Delete configuration data |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
proxy | Enable/disable proxy of public to private conductor addresses |
service-policy | Service policy to be used instead of auto-generated service policy. |
service-route-type | Strategy to generate service-routes for management services. |
show | Show configuration data for 'management-service-generation' |
Enable/disable proxy of public to private conductor addresses
Usage
configure authority router management-service-generation proxy [<boolean>]
Positional Arguments
name | description |
---|
boolean | The value to set for this field |
Service policy to be used instead of auto-generated service policy.
Usage
configure authority router management-service-generation service-policy [<service-policy-ref>]
Positional Arguments
name | description |
---|
service-policy-ref | The value to set for this field |
Strategy to generate service-routes for management services.
Usage
configure authority router management-service-generation service-route-type [<enumeration>]
Positional Arguments
name | description |
---|
enumeration | The value to set for this field |
Maximum number of way points to be allocated on inter-node path.
Usage
configure authority router max-inter-node-way-points [<uint32>]
Positional Arguments
name | description |
---|
uint32 | The value to set for this field |
Description
Warning: a restart is required if max-inter-node-way-points is created, modified, or deleted
An identifier for the router.
Usage
configure authority router name [<reserved-name-id>]
Positional Arguments
name | description |
---|
reserved-name-id | The value to set for this field |
Description
Warning: a restart is required if name is created or deleted
A pool of shared NAT ports.
Usage
configure authority router nat-pool <name>
Positional Arguments
name | description |
---|
name | An identifier for the NAT Pool. |
Subcommands
command | description |
---|
address-pool | Defines the NAT prefix and ports in the pool. |
clone | Clone a list item |
delete | Delete configuration data |
move | Move list items |
name | An identifier for the NAT Pool. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'nat-pool' |
Defines the NAT prefix and ports in the pool.
Usage
configure authority router nat-pool address-pool <address>
Positional Arguments
name | description |
---|
address | IP Prefix for the pool of NAT ports. |
Subcommands
command | description |
---|
address | IP Prefix for the pool of NAT ports. |
delete | Delete configuration data |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
pool-type | Type of NAT pool |
show | Show configuration data for 'address-pool' |
tenant-name | Tenant for which this nat pool is applied |
IP Prefix for the pool of NAT ports.
Usage
configure authority router nat-pool address-pool address [<ip-prefix>]
Positional Arguments
name | description |
---|
ip-prefix | The value to set for this field |
Type of NAT pool
Usage
configure authority router nat-pool address-pool pool-type [<enumeration>]
Positional Arguments
name | description |
---|
enumeration | The value to set for this field |
Tenant for which this nat pool is applied
Usage
configure authority router nat-pool address-pool tenant-name [<tenant-ref>]
Positional Arguments
name | description |
---|
tenant-ref | Value to add to this list |
Defines the NAT prefix and ports in the pool.
Usage
configure authority router nat-pool move address-pool <address> <position> [<relative-to-address>]
Positional Arguments
name | description |
---|
address | IP Prefix for the pool of NAT ports. |
position | first, last, before, or after |
relative-to-address | Key of item before or after which to move |
An identifier for the NAT Pool.
Usage
configure authority router nat-pool name [<string>]
Positional Arguments
name | description |
---|
string | The value to set for this field |
List of one or two SSR software instances, comprising an SSR.
Usage
configure authority router node <name>
Positional Arguments
name | description |
---|
name | An arbitrary, unique name for the node, used to reference it in other configuration sections. This MUST match the name in the local initialization file. |
Subcommands
command | description |
---|
asset-id | A unique identifier of an SSR node used for automated provisioning |
asset-validation-enabled | Validate that the asset is suitable to run SSR. |
clone | Clone a list item |
delete | Delete configuration data |
description | A description about the node. |
device-interface | List of physical or virtual interfaces in the node. |
enabled | Enable/disable the whole node. |
forwarding-core-count | The number of CPU cores to dedicate to traffic forwarding when using 'manual' forwarding core mode. |
forwarding-core-mode | The method by which the number of CPU cores dedicated to traffic forwarding should be determined. |
ipfix | Node specific IPFIX configuration |
location | A text description of the node's physical location. |
loopback-address | The loopback IP address to use for management traffic originating on this node when routed via SVR. |
name | An arbitrary, unique name for the node, used to reference it in other configuration sections. This MUST match the name in the local initialization file. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
port-forwarding | Configuration for establishing local port-forwarding to remote server. |
power-saver | Allow the traffic forwarding cores to sleep when there is no traffic to process |
radius | Radius authentication parameters for this node. |
reachability-detection | Layer 2 reachability detection |
role | The node's role in the SSR system. |
session-processor-count | The number of threads to use for session processing when using 'manual' session-processor mode. |
session-processor-mode | The method by which the number of threads used for session processing should be determined. |
session-setup-scaling | Whether or not to enable session setup scaling. |
show | Show configuration data for 'node' |
ssh-keepalive | Configure Ssh Keepalive |
top-sessions | Views of top sessions by an ordering criteria. |
A unique identifier of an SSR node used for automated provisioning
Usage
configure authority router node asset-id [<asset-id>]
Positional Arguments
name | description |
---|
asset-id | The value to set for this field |
Validate that the asset is suitable to run SSR.
Usage
configure authority router node asset-validation-enabled [<boolean>]
Positional Arguments
name | description |
---|
boolean | The value to set for this field |
A description about the node.
Usage
configure authority router node description [<string>]
Positional Arguments
name | description |
---|
string | The value to set for this field |
List of physical or virtual interfaces in the node.
Usage
configure authority router node device-interface <name>
Positional Arguments
name | description |
---|
name | A unique name identifier for the physical or virtual interface, used to reference it in other configuration sections and show commands. |
Subcommands
command | description |
---|
bond-settings | Configure Bond Settings |
bridge-name | An optional bridge name to be used for bridging the kni and target interfaces. If no name is specified, one will be auto-generated |
capture-filter | Filter to be used when matching packets on this device interface. Uses Berkeley Packet Filter (BPF) syntax. |
clone | Clone a list item |
delete | Delete configuration data |
description | A description of the device-interface. |
enabled | Whether this interface is administratively enabled. |
forwarding | Whether this interface is used for forwarding traffic. |
interface-name | The interface name associated with the OS network device. |
link-settings | Ethernet link settings on the interface |
lldp | Link Layer Discovery Protocol settings |
load-balancing | Configure Load Balancing |
lte | Configure Lte |
name | A unique name identifier for the physical or virtual interface, used to reference it in other configuration sections and show commands. |
network-interface | List of network interfaces for the device-interface. |
network-namespace | The network namespace in which this network interface will be located |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
parent-bond | The bond type interface that this interface is grouped with. |
pci-address | The PCI address of the device. Only relevant if type is ethernet. |
pppoe | Configure Pppoe |
promiscuous-mode | Enables promiscuous mode on the interface. |
q-in-q | Enables Q-in-Q encapsulation |
reinsert-vlan | Enables reinsertion of NIC-stripped VLAN on ingress packets, on supported devices. |
session-optimization | Configure Session Optimization |
shared-phys-address | Virtual MAC address for interface redundancy. |
show | Show configuration data for 'device-interface' |
sriov-vlan-filter | Enables VLAN filtering on supported SR-IOV devices. |
strip-vlan | Enables VLAN stripping on ingress packets on supported devices. |
target-interface | Specifies the name of an external interface to be automatically bridged to a logical interface. |
traffic-engineering | Configure Traffic Engineering |
type | Type of interface. |
vmbus-uuid | The VMBus UUID of the network device. Hyper-V Environment only. Only relevant if type is ethernet. |
vrrp | Parameters for Interface Redundancy using a Virtual Router Redundancy Protocol (VRRP)-like protocol. |
Configure Bond Settings
Subcommands
command | description |
---|
delete | Delete configuration data |
lacp-enable | Use 802.3ad LACP protocol for the Bond. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'bond-settings' |
Use 802.3ad LACP protocol for the Bond.
Usage
configure authority router node device-interface bond-settings lacp-enable [<boolean>]
Positional Arguments
name | description |
---|
boolean | The value to set for this field |
An optional bridge name to be used for bridging the kni and target interfaces. If no name is specified, one will be auto-generated
Usage
configure authority router node device-interface bridge-name [<bridge-name>]
Positional Arguments
name | description |
---|
bridge-name | The value to set for this field |
Filter to be used when matching packets on this device interface. Uses Berkeley Packet Filter (BPF) syntax.
Usage
configure authority router node device-interface capture-filter [<string>]
Positional Arguments
name | description |
---|
string | Value to add to this list |
A description of the device-interface.
Usage
configure authority router node device-interface description [<string>]
Positional Arguments
name | description |
---|
string | The value to set for this field |
Whether this interface is administratively enabled.
Usage
configure authority router node device-interface enabled [<boolean>]
Positional Arguments
name | description |
---|
boolean | The value to set for this field |
Whether this interface is used for forwarding traffic.
Usage
configure authority router node device-interface forwarding [<boolean>]
Positional Arguments
name | description |
---|
boolean | The value to set for this field |
The interface name associated with the OS network device.
Usage
configure authority router node device-interface interface-name [<string>]
Positional Arguments
name | description |
---|
string | The value to set for this field |
Ethernet link settings on the interface
Usage
configure authority router node device-interface link-settings [<enumeration>]
Positional Arguments
name | description |
---|
enumeration | The value to set for this field |
Link Layer Discovery Protocol settings
Subcommands
command | description |
---|
advertisement-interval | The frequency of sending LLDP advertisements. |
delete | Delete configuration data |
enabled | Whether or not LLDP sending and receiving is enabled on this device. |
hold-multiplier | The multiplier to apply to the advertisement-interval when setting the LLDP TTL. |
mode | The mode in which LLDP operates on the interface |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'lldp' |
The frequency of sending LLDP advertisements.
Usage
configure authority router node device-interface lldp advertisement-interval [<uint32>]
Positional Arguments
name | description |
---|
uint32 | The value to set for this field |
Description
Units: seconds
Whether or not LLDP sending and receiving is enabled on this device.
Usage
configure authority router node device-interface lldp enabled [<boolean>]
Positional Arguments